YAHOO Mail : Data Leakage Prevention

YAHOO mail has launched the ability to add applications to the web interface. This post is about an application that was presented at the YAHOO Hackday, Bangalore. The original hack is detailed in Babu Srithar's blog.

As shown in the video, the mail can be dragged onto the application icon to redact information. The prototype is crude in the sense that it uses encryption to achieve redaction. It also requires the user to identify sensitive information that has to be redacted. A production ready implementation could simply use industry standard data classification toolkits like Tablus and use it for identifying information. Using roles assigned to users, the redaction server can also ensure that information displayed to different depends on the roles assigned to them.There is still some usability issues with having to drag and drop the mail to the application, but I think that YAHOO would overcome this issue and grant applications more capabilities.